From 38250db965a392bb282fa953c82ebab8bff26f9e Mon Sep 17 00:00:00 2001
From: Assar Westerlund <assar@sics.se>
Date: Sun, 13 Jul 1997 07:27:07 +0000
Subject: [PATCH] bug-compatible with MIT

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2255 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/mk_safe.c | 31 +++++++++++++++++++++++--------
 lib/krb5/rd_safe.c | 33 ++++++++++++++++++++++++++-------
 2 files changed, 49 insertions(+), 15 deletions(-)

diff --git a/lib/krb5/mk_safe.c b/lib/krb5/mk_safe.c
index 7df82789c..3040b0084 100644
--- a/lib/krb5/mk_safe.c
+++ b/lib/krb5/mk_safe.c
@@ -17,16 +17,9 @@ krb5_mk_safe(krb5_context context,
   size_t len;
   unsigned tmp_seq;
 
-  r = krb5_create_checksum (context,
-			    auth_context->cksumtype,
-			    userdata->data,
-			    userdata->length,
-			    &s.cksum);
-  if (r)
-    return r;
-
   s.pvno = 5;
   s.msg_type = krb_safe;
+
   s.safe_body.user_data = *userdata;
   gettimeofday (&tv, NULL);
   usec = tv.tv_usec;
@@ -41,9 +34,31 @@ krb5_mk_safe(krb5_context context,
   s.safe_body.s_address = auth_context->local_address;
   s.safe_body.r_address = auth_context->remote_address;
 
+  s.cksum.cksumtype       = 0;
+  s.cksum.checksum.data   = NULL;
+  s.cksum.checksum.length = 0;
+
+  r = encode_KRB_SAFE (buf + sizeof(buf) - 1,
+		       sizeof(buf),
+		       &s,
+		       &len);
+
+  if (r)
+    return r;
+
+  r = krb5_create_checksum (context,
+			    auth_context->cksumtype,
+			    buf + sizeof(buf) - len,
+			    len,
+			    &auth_context->key,
+			    &s.cksum);
+  if (r)
+    return r;
+
   r = encode_KRB_SAFE (buf + sizeof(buf) - 1, sizeof(buf), &s, &len);
   if (r)
     return r;
+
   outbuf->length = len;
   outbuf->data   = malloc (len);
   if (outbuf->data == NULL)
diff --git a/lib/krb5/rd_safe.c b/lib/krb5/rd_safe.c
index 2e70d2a96..4243c40ac 100644
--- a/lib/krb5/rd_safe.c
+++ b/lib/krb5/rd_safe.c
@@ -25,7 +25,7 @@ krb5_rd_safe(krb5_context context,
       goto failure;
   }
   /* XXX - checksum collision-proff and keyed */
-  if (safe.cksum.cksumtype != CKSUMTYPE_RSA_MD4) {
+  if (safe.cksum.cksumtype != CKSUMTYPE_RSA_MD5_DES) {
       r = KRB5KRB_AP_ERR_INAPP_CKSUM;
       goto failure;
   }
@@ -74,12 +74,31 @@ krb5_rd_safe(krb5_context context,
       }
   }
 
-  r = krb5_verify_checksum (context,
-			    safe.safe_body.user_data.data,
-			    safe.safe_body.user_data.length,
-			    &safe.cksum);
-  if (r)
-      goto failure;
+  {
+      u_char buf[1024];
+      size_t len;
+      Checksum c;
+
+      copy_Checksum (&safe.cksum, &c);
+      
+      safe.cksum.cksumtype       = 0;
+      safe.cksum.checksum.data   = NULL;
+      safe.cksum.checksum.length = 0;
+
+      encode_KRB_SAFE (buf + sizeof(buf) - 1,
+		       sizeof(buf),
+		       &safe,
+		       &len);
+
+      r = krb5_verify_checksum (context,
+				buf + sizeof(buf) - len,
+				len,
+				&auth_context->key,
+				&c);
+      free_Checksum (&c);
+      if (r)
+	  goto failure;
+  }
   outbuf->length = safe.safe_body.user_data.length;
   outbuf->data   = malloc(outbuf->length);
   if (outbuf->data == NULL) {